03-26-2010 10:31 AM
My office has been using trend neatsuite for many years. Servers are installed with serverprotect and workstations installed with officescan. I've recently upgraded the officescan to 10.0 and I've noticed that server protect normal servers can be migrated to use the officescan instead. May I know is there any difference in doing so? And how do I disable the trend officescan server antivirus from the office scan server? Thanks
Solved! Go to Solution.
03-26-2010 02:00 PM
To answer your question, a little background info first.
Years ago, ServerProtect was the only solution that ran on server operating systems (Windows NT, Windows 2000 server) and OfficeScan ran on workstation operating systems (Windows 95, 98, ME, XP, Windows 2000 Workstation). Starting with OfficeScan version 6.0, Trend Micro made OfficeScan work on all windows platforms (server and workstation operating systems). Since then, versions 6.5, 7.0, 7.3, 8.0, and 10.0 have been released, with more and more of the ServerProtect features being incorporated with each subsequent version. In that same time, ServerProtect has really only received minor updates to make it 64-bit compatible, Windows 2008 compatible, etc. but all of the bleeding edge technology has not been added (Web Reputation, File Reputation, etc.) to ServerProtect.
With all that said, I typically recommend to customers that they migrate everything to OfficeScan since it has more technology, newer technology, web-based management console, more scalability (10,000 - 1 in OfficeScan vs. 500 - 1 in ServerProtect), etc.
ServerProtect is still an active product with an active, albeit slower, roadmap so you don't *have* to switch if you don't want to. I find most customers like the new protection capabilities, performance, and manageability that OfficeScan gives them in comparison.
To really confuse you though, Trend Micro also recognizes that servers often times need more protection than just anti-virus, so our Deep Security product can give you a centrally managed, multi-platform (windows, unix, linux), deep packet stateful inspection firewall, host-based network ips/ids, log inspection, file integrity monitoring, and very soon, anti-virus capabilities within one agent, one console, one product. If you are currently using a comnbination of other technologies in your server environment to provide this functionality, you may want to migrate from ServerProtect to Deep Security to get more features in a smaller package (single agent) for probably less money.
In summary, you have three choices the way I see it:
1. Stick with ServerProtect on your servers, understanding that you may not have the latest and greatest features
2. Migrate your servers to OfficeScan and have the latest features and one management console
3. Migrate your servers to Deep Security and get more advanced features you don't get from traditional anti-virus products
03-27-2010 10:12 AM
Thanks for explaining the differences between these 2 products. I will have to decide on which product to be use on my server platforms. But I have another question with regards to my experience with the office scan clients. I've seen virus warning messages popping out from my office scan 7.3 clients but most of the time the files are being quarantined and cannot be clean? And I have to clean all those virus infected computer using Microsoft one live online scanner to removed the virus and registry keys. So it seems that the office scan 7.3 can only block and not cleaning up infected computers? I've upgraded the office scan to version 10.0. I really hope that it will be able to clean up infected computers this time round.
03-27-2010 09:51 PM
Another question, does the serverprotect 5.8 disable the windows firewall/ICS service after installation on a windows 2003 server?
03-28-2010 07:50 AM
Firstly about the pop-up messages on your OSSE 7.3 office scan clients. The OSCE 7.3 is dead, completely. You must to move to OSCE 10 SP1 without waiting because the OSCE 7.3 cannot catch most today viruses. From other side, the most viruses is un-cleanable, from my experience, only viruses from PE* family can be cleaned.
More about virus names you can find here.
About firewall, the SP not have firewall module, so, the SP not stop windows firewall and you need to open communication ports for Server protect self. Ports list
03-28-2010 08:50 AM
As Kirill said, OfficeScan 7.3 is end of life now and we no longer support it, and since it is a number of years old and 2 versions behind the previous generation, moving to 10.0 would be a smart move.
As for the behavior you were seeing, let me point out a few things.
1. The concept of "clean" is not really relevant in today's threat landscape. This feature came from a time when the bad guys would append viruses to good files, and we could clean them by removing the virus, leaving the good file intact. Today, most viruses are the entire file, so cleaning is not really the right term or action for taking care of those threats. Therefore, Quarantine, which is an administratively chosen action, is a better action. With all of our products, 2 actions are tried on every detected file. By default this is Clean, and if Clean doesn't work, then Quarantine. Long story short, this is how the product should work and it sounds like it is working properly, even though it is an old version.
2. You may have meant to say that files couldn't be cleaned or quarantined. If that is the case, this is common with files that are locked by the operating system. Those files typically are the Internet Explorer temp files, System Restore files, and files in the Recycle Bin. We can't delete/quarantine them because the operating system won't let us. We encrypt though, which renders them harmless. In OfficeScan 7.3, this didn't look very nice in the logs, but in OfficeScan 10, the resulting log files indicates that the file is encrypted to give you piece of mind. The only way to really clean these are the empty out the IE temp directory, delete the infected system restore point, or empty the recycle bin.
3. Lastly, we did add some heuristic technology a number of years ago, but the default settings are set to Pass because of false positive concerns on the part of customers. This may concern you because you might see things like "Passed" in the log files instead of Clean, Quarantine, or Delete. These are detections like MAL_OTORUN, TROJ_GENERIC, etc. Fortunately, there is a way to change the behavior, unfortunately it isn't in the GUI. Here are the instructions to change this (I would recommend Clean, Quarantine or Clean, Delete as the actions you choose):
And as Kirill said, there is no firewall component in ServerProtect, so it doesn't make any changes to any firewall you may already have in place.
03-30-2010 12:10 AM
There are a few instances where you might prefer ServerProtect over the OSCE or DS products.
If your server is a Terminal or Citrix Server that typically has over 20 users logged in at one time, then ServerProtect is a must have.
OSCE is improving with every version, but it is also, by a very large magnitude, a much heavier product that takes up a lot of resources.
ServerProtect is a light weight, very fast, very lean a/v scanner that is completely aware of Terminal server and Citrix, so it doesn't spawn multiple copies when multiple users login.
If you've got a very busy server, or terminal/citrix, your best bet is to use ServerProtect.
For anything else, you can safely use OSCE.
03-30-2010 02:07 AM
Thanks guys for explaining to me on the features of this new release. Now I have this issue of the officescan program directory increasing drastically in size over the past 2 days. Installed the program on 26 March and after doing some online updating. The program directory was about 1.67GB. Had a check on 28 march and the folder size was 2.1GB and another check today the folder size was 2.6GB. Cleared all the quarantined files which cleared only 7mb.
I am now worried that this folder will go all the way increasing by 500 MB daily and soon enough, my hard drive will be out of space. It there something wrong with it? Is there any tools to do some maintenance on it?
11-04-2010 11:05 PM
I am new to Trend Micro and I need to replace the present Antivirus software on all our Windows Server Platform, so I need to decide between OfficeScan and ServerProtect. I will appreciate if you could elaborate more on the following
1) Since more and more of ServerProtect features are being incorporated into OfficeScan and there are only minor changes being effected in ServerProtect itself, is it the plan that ServerProtect will be decommissioned at one point?
2) What would be your remarks relating to MCaspers's comment on OSCE needing more resources in comparison to ServerProtect? I am asking this because we will be implementing whichever product we echoed also on Terminla/Citrix servers.
3) Does OSCE also support other Operating Systems (Linux, Mac, Netware) or are there such plans in the pipeline as OSCE takes up more of ServerProtect features.
Though we licensed "Endpoint Security suite with Exchange", but I woould not like to introduce 2 different products on the Servers platform.
02-14-2012 05:54 AM
Do you have any information on roadmap of Server Proetct 5.8. What will be next version? Our client is on Server Proetct 5.8, and he wants to plan for upgrade. But there is no information on Trend Micro site. can you please help on this?